I am not in any way legally involved in the lawsuit on either the
plaintiff or the defendant side. However, as a fellow (former) Linux
kernel developer myself, and a long-term Free Software community member
who strongly believes in the copyleft model, I of course am very
interested in this case.

History of the Case

This case is about GPL infringements in consumer electronics devices
based on a GNU/Linux operating system, including the Linux kernel and at
least some devices netfilter/iptables. The specific devices in question
are a series of satellite TV receivers built by a Shenzhen (China) based
company Geniatech, which is represented in Europe by Germany-based
Geniatech Europe GmbH.

The Geniatech Europe CEO has openly admitted (out of court) that they
had some GPL incompliance in the past, and that there was failure on
their part that needed to be fixed. However, he was not willing to
accept an overly wide claim in the preliminary injunction against his
company.

The history of the case is that at some point in July 2017, Patrick
McHardy has made a test purchase of a Geniatech Europe product, and
found it infringing the GNU General Public License v2. Apparently no
source code (and/or written offer) had been provide alongside the
binary - a straight-forward violation of the license terms and hence a
violation of copyright. The plaintiff then asked the regional court
of Cologne to issue a preliminary injunction against the defendant,
which was granted on September 8th,2017.

In terms of legal procedure, in Germany, when a plaintiff applies for a
preliminary injunction, it is immediately granted by the court after
brief review of the filing, without previously hearing the defendant in
an oral hearing. If the defendant (like in this case) wishes to appeal
the preliminary injunction, it files an appeal which then results in an
oral hearing. This is what happened, after which the district court of
cologne (Landgericht Koeln) on October 20, 2017 issued ruling 14 O 188/17
partially upholding the injunction.

All in all, nothing particularly unusual about this. There is no
dispute about a copyright infringement having existed, and this
generally grants any of the copyright holders the right to have the
infringing party to cease and desist from any further infringement.

However, this injunction has a very wide scope, stating that the
defendant was to cease and desist not only from ever publishing,
selling, offering for download any version of Linux (unless being
compliant to the license). It furthermore asked the defendant to
cease and desist

from putting hyperlinks on their website to any version of Linux

from asking users to download any version of Linux

unless the conditions of the GPL are met, particularly the clauses
related to providing the complete and corresponding source code.

The appeals case at OLG Cologne

The defendant now escalated this to the next higher court, the higher
regional court of Cologne (OLG Koeln), asking to withdraw the earlier
ruling of the lower court, i.e. removing the injunction with its current
scope.

The first very positive surprise at the hearing was the depth in which
the OLG court has studied the subject matter of the dispute prior to the
hearing. In the many GPL related court cases that I witnessed so far, it
was by far the most precise analysis of how Linux kernel development
works, and this despite the more than 1000 pages of filings that parties
had made to the court to this point.

Just to give you some examples:

the court understood that Linux was created by Linus Torvalds in 1991 and
released under GPL to facilitate the open and collaborative development

the court recognized that there is no co-authorship / joint authorship
(German: Miturheber) in the Linux kernel as a whole, as it was not a
group of people planning+developing a given program together, but it
is a program that has been released by Linus Torvalds and has since
been edited by more than 15.000 developers without any "grand joint
plan" but rather in successive iterations. This situation constitutes
"editing authorship" (German: Bearbeiterurheber)

the court further recognized that being listed as "head of the
netfilter core team" or a "subsystem maintainer" doesn't necessarily
mean that one is contributing copyrightable works. Reviewing
thousands of patches doesn't mean you own copyright on them, drawing
an analogy to an editorial office at a publisher.

the court understood there are plenty of Linux versions that may not
even contain any of Patric McHardy's code (such as older versions)

After about 35 minutes of the presiding judge explaining the court's
understanding of the case (and how kernel development works), it went on
to summarize the summary of their internal elaboration at the court
prior to the meeting.

In this summary, the presiding judge stated very clearly that they
believe there is some merit to the arguments of the defendant, and that
they would be inclined in a ruling favorable to the defendant based on
their current understanding of the case.

He cited the following main reasons:

The Linux kernel development model does not support the claim of
Patrick McHardy having co-authored Linux. In so far, he is only
an editing author (Bearbeiterurheber), and not a co-author.
Nevertheless, even an editing author has the right to ask for cease
and desist, but only on those portions that he authored/edited, and
not on the entire Linux kernel.

The plaintiff did not sufficiently show what exactly his contributions
were and how they were forming themselves copyrightable works

The plaintiff did not substantiate what copyrightable contributions he
has made outside of netfilter/iptables. His mere listing as general
networking subsystem maintainer does not clarify what his
copyrightable contributions were

The plaintiff being a member of the netfilter core team or even the
head of the core team still doesn't support the claim of being a
co-author, as netfilter substantially existed since 1999, three years
before Patrick's first contribution to netfilter, and five years
before joining the core team in 2004.

So all in all, it was clear that the court also thought the ruling on
all of Linux was too far-fetching.

The court suggested that it might be better to
have regular main proceedings, in which expert witnesses can be called
and real evidence has to be provided, as opposed to the constraints of
the preliminary procedure that was applied currently.

Some other details that were mentioned somewhere during the hearing:

Patrick McHardy apparently unilaterally terminated the license to his
works in an e-mail dated 26th of July 2017 towards the defendant.
According to the defendant (and general legal opinion, including my
own position), this is in turn a violation of the GPLv2, as it
only allowed plaintiff to create and publish modified versions of
Linux under the obligation that he licenses his works under GPLv2 to
any third party, including the defendant. The defendant believes
this is abuse of his rights (German: Rechtsmissbraeuchlich).

sworn affidavits of senior kernel developer Greg Kroah-Hartman and
current netfilter maintainer Pablo Neira were presented in support of
some of the defendants claims. The contents of those are
unfortunately not public, neither is the contents of the sworn
affidavists presented by the plaintiff.

The defendant has made substantiated claims in his filings that Patrick
McHardy would perform his enforcement activities not with the primary
motivation of achieving license compliance, but as a method to
generate monetary gain. Such claims include that McHardy has acted in
more than 38 cases, in at least one of which he has requested a
contractual penalty of 1.8 million EUR. The total amount of monies
received as contractual penalties was quoted as over 2 million EUR to
this point. Please note that those are claims made by the defendant,
which were just reproduced by the court. The court has not
assessed their validity. However, the presiding judge explicitly
stated that he received a phone calls about this case from a lawyer
known to him personally, who supported that large contractual
penalties are being paid in other related cases.

One argument by the plaintiff seems to center around being listed as
a general kernel networking maintainer until 2017 (despite his latest
patches being from 2015, and those were netfilter only)

Withdrawal by Patrick McHardy

At some point, the court hearing was temporarily suspended to provide the
legal representation of the plaintiff with the opportunity to have a
Phone call with the plaintiff to decide if they would want to continue
with their request to uphold the preliminary injunction. After a few
minutes, the hearing was resumed, with the plaintiff withdrawing their
request to uphold the injunction.

As a result, the injunction is now withdrawn, and the plaintiff has to
bear all legal costs (court fees, lawyers costs on both sides).

Personal Opinion

For me, this is all of course a difficult topic. With my history of
being the first to enforce the GNU GPLv2 in (equally German) court,
it is unsurprising that I am in favor of license enforcement being
performed by copyright holders.

I believe individual developers who have contributed to the Linux
kernel should have the right to enforce the license, if needed. It is
important to have distributed copyright, and to avoid a situation where
only one (possibly industry friendly) entity would be able to take
[legal] action.

I'm not arguing for a "too soft" approach. It's almost 15 years since
the first court cases on license violations on (embedded) Linux, and the
fact that the problem still exists today clearly shows the industry is
very far from having solved a seemingly rather simple problem.

On the other hand, such activities must always be oriented to
compliance, and compliance only. Collecting huge amounts of contractual
penalties is questionable. And if it was necessary to collect such huge
amounts to motivate large corporations to be compliant, then this must
be done in the open, with the community knowing about it, and the
proceeds of such contractual penalties must be donated to free software
related entities to prove that personal financial gain is not a
motivation.

The rumors of Patrick performing GPL enforcement for personal financial
gain have been around for years. It was initially very hard for me to
believe. But as more and more about this became known, and Patrick
would refuse to any contact requests by his former netfilter team-mates
as well as the wider kernel community make it hard to avoid drawing
related conclusions.

We do need enforcement, both out of court and in court. But we need it
to happen out of the closet, with the community in the picture, and
without financial gain to individuals. The "principles of community
oriented enforcement" of the Software Freedom Conservancy as well as the
more recent (but much less substantial) kernel enforcement statement
represent the most sane and fair approach for how we as a community
should deal with license violations.

So am I happy with the outcome? Not entirely. It's good that an
over-reaching injunction was removed. But then, a lot of money and
effort was wasted on this, without any verdict/ruling. It would have
been IMHO better to have a court ruling published, in which the
injunction is substantially reduced in scope (e.g. only about netfilter,
or specific versions of the kernel, or specific products, not about
placing hyperlinks, etc.). It would also have been useful to have some
of the other arguments end up in a written ruling of a court, rather
than more or less "evaporating" in the spoken word of the hearing today,
without advancing legal precedent.

Lessons learned for the developer community

In the absence of detailed knowledge on computer programming, legal folks
tend to look at "metadata" more, as this is what they can understand.

It matters who has which title and when. Should somebody not be
an active maintainer, make sure he's not listed as such.

If somebody ceases to be a maintainer or developer of a project,
remove him or her from the respective lists immediately, not just
several years later.

Copyright statements do matter. Make sure you don't merge any patches
adding copyright statements without being sure they are actually valid.

Lessons learned for the IT industry

There may be people doing GPL enforcement for not-so-noble motives

Defending yourself against claims in court can very well be worth it,
as opposed to simply settling out of court (presumably for some
money). The Telefonica case in 2016 <>_ has shown this, as has this
current Geniatech case. The legal system can work, if you give it a
chance.

Nevertheless, if you have violated the license, and one of the
copyright holders makes a properly substantiated claim, you still will
get injunctions granted against you (and rightfully so). This was
just not done in this case (not properly substantiated, scope of
injunction too wide/coarse).

Dear Patrick

For years, your former netfilter colleagues and friends wanted to have a
conversation with you. You have not returned our invitation so far.
Please do reach out to us. We won't bite, but we want to share our
views with you, and show you what implications your actions have not
only on Linux, but also particularly on the personal and professional
lives of the very developers that you worked hand-in-hand with for
a decade. It's your decision what you do with that information afterwards,
but please do give us a chance to talk. We would greatly appreciate if
you'd take up that invitation for such a conversation. Thanks.